CVE-2023-46596
- EPSS 0.06%
- Published 15.02.2024 06:15:45
- Last modified 23.01.2025 17:43:12
Improper input validation in AlgoSec FireFlow VisualFlow workflow editor via the Name, Description and Configuration File fields in versions A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts int...
CVE-2023-46595
- EPSS 0.04%
- Published 02.11.2023 08:15:08
- Last modified 21.11.2024 08:28:51
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain the victim’s domain credentials and Net-NTLM hash, which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above).
CVE-2022-36783
- EPSS 0.07%
- Published 25.10.2022 17:15:55
- Last modified 07.05.2025 20:15:21
AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS). A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to ano...
CVE-2014-4164
- EPSS 0.23%
- Published 16.06.2014 18:55:09
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html.